Resolved Plesk "Additional nginx directives" with several IP redirects...?

[HHawk]

We switched one of our personal domains from FastCGI to nginx, however I am experiencing some issues with applying "RewriteCond" into the "Additional nginx directives" for this domain / hostingaccount.

The idea behind it, is that I want to redirect everyone to disney.com who's IP's aren't in the list of allowed IP's.

For example we are using the following .htaccess file (see below) in FastCGI to redirect everyone (but our own IP's) to disney.com. In this situation we are able to visit the site while it's under construction and everyone else is redirected to disney.com.

RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^88\.33\.160\.132$
RewriteCond %{REMOTE_ADDR} !^214\.166\.12\.70$
RewriteCond %{REMOTE_ADDR} !^69\.232\.83\.[0-9]{1,3}$
RewriteRule .? http://disney.com/ [L]

However nginx doesn't use .htaccess and therefor you have to add it in Plesk's CP under "Additional nginx directives". I did a search on Google and though I got a few hits, none of them explained how to do this with multiple IP's.

Our current "Additional nginx directives" contains only the following:

gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml application/x-font-ttf font/opentype;

location ~* \.(?:ico|css|js|gif|jpe?g|png|svg|woff)$ {
   expires 30d;
   add_header Pragma public;
   add_header Cache-Control "public";
   proxy_read_timeout 90;
   fastcgi_read_timeout 90;
}

If I try to use "geo" in there I get the following error: "Invalid nginx configuration: nginx: [emerg] "geo" directive is not allowed here in". If use "location" or "server" I also get errors...

Can anyone give me a working example on how to apply our current .htaccess rules, as described above, in nginx?

Thank you in advance for your help.

 

[UFHH01]

Hi HHawk,

RewriteEngine on RewriteCond %{REMOTE_ADDR} !^88\.33\.160\.132$ RewriteCond %{REMOTE_ADDR} !^214\.166\.12\.70$ RewriteCond %{REMOTE_ADDR} !^69\.232\.83\.[0-9]{1,3}$ RewriteRule .? http://disney.com/ [L]

As "Additional nginx directive" you could use ( untested, but "should" work ^^ ):

    if ($remote_addr !~ "^88\.33\.160\.132$"){
        set $rule_0 1$rule_0;
    }

    if ($remote_addr !~ "^214\.166\.12\.70$"){
        set $rule_0 2$rule_0;
    }

    if ($remote_addr !~ "^69\.232\.83\.[0-9]{1,3}$"){
        set $rule_0 3$rule_0;
    }

    if ($rule_0 = "321"){
        rewrite /.? http://disney.com/ last;
    }

gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml application/x-font-ttf font/opentype;

Pls. consider to add this directly in your "nginx.conf" ( "http" section ) instead of your domain - specific configuration file.

If I try to use "geo" in there I get the following error: "Invalid nginx configuration: nginx: [emerg] "geo" directive is not allowed here in". If use "location" or "server" I also get errors...

These "GEO" settings should as well be defined in your nginx.conf ( "http" section ):

Example:

...

        # START  GeoIP - Specifications
        geoip_country   /usr/share/GeoIP/GeoIP.dat;
        geoip_city      /usr/share/GeoIP/GeoIPCity.dat;
        geoip_org       /usr/share/GeoIP/GeoIPOrg.dat;
        # END    GeoIP - Specifications

        include /etc/nginx/conf.d/*.conf;
...

 

[HHawk]

Hi UFHH01,

First; thank you for taking the time to answer.

I tried your solution in regards to the redirects (rewritecond) and they work. I don't understand why they didn't work for me, because I tried something very similar.
Maybe it was because I had to many rules (over 10)? If I see your example and I quote: "($rule_0 = "321")" how would you enter rules above 10?

In regards to:

Pls. consider to add this directly in your "nginx.conf" ( "http" section ) instead of your domain - specific configuration file.

You mean the nginx.conf located in /etc/nginx/ right?
Not the one under the domain, because those are generated automatically if I am not mistaken.

Just to provide some insight this how our current /etc/nginx/nginx.conf file looks:

#user  nginx;
worker_processes 4;
worker_rlimit_nofile 65535;

error_log  /var/log/nginx/error.log;
error_log  /var/log/nginx/error.log  notice;
error_log  /var/log/nginx/error.log  info;

#pid  /var/run/nginx.pid;

include /etc/nginx/modules.conf.d/*.conf;

events {
  worker_connections  8192;
  multi_accept  on;
  use  epoll;
}


http {
  include  mime.types;
  default_type  application/octet-stream;

  #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  #  '$status $body_bytes_sent "$http_referer" '
  #  '"$http_user_agent" "$http_x_forwarded_for"';

  #access_log  /var/log/nginx/access.log  main;

  sendfile  on;
  tcp_nopush  on;

  #keepalive_timeout  0;
  #keepalive_timeout  15;
  tcp_nodelay  off;
  client_body_timeout 12;
  client_header_timeout 12;
  proxy_connect_timeout  60;
  proxy_send_timeout  60;
  proxy_read_timeout  60;
  send_timeout  10;

  open_file_cache max=2048 inactive=20s;
  open_file_cache_valid 30s;
  open_file_cache_min_uses 2;
  open_file_cache_errors on;

  keepalive_requests 100000;
  keepalive_timeout  90;

  fastcgi_buffers 8 128k;
  fastcgi_buffer_size 256k;

  #gzip  on;
  #gzip_disable "MSIE [1-6]\.(?!.*SV1)";

  server_tokens off;

  include /etc/nginx/conf.d/*.conf;
}

# override global parameters e.g. worker_rlimit_nofile
include /etc/nginx/*global_params;

Obviously I will enter the changes I want to make in there.
But does the nginx.conf look alright to you.

Thank you once again for your time.

Regards

//EDIT #1

Small update; I added the gzip code to the nginx.conf file under http as mentioned, however now I am getting the following error:

nginx: [emerg] "location" directive is not allowed here in /etc/nginx/nginx.conf:40
nginx: configuration file /etc/nginx/nginx.conf test failed

//EDIT #2

Well I removed the following parts:

Above:

location ~* \.(?:ico|css|js|gif|jpe?g|png|svg|woff)$ {

Below:

}

And it give a duplicate error "proxy_read_timeout 90;", so I removed that one as well.
Now it restarted without issue, but I don't know if everything is working as it should though.

Sorry for the stupid questions.

 

[UFHH01]

Hi HHawk,

In regards to:

You mean the nginx.conf located in /etc/nginx/ right?
Not the one under the domain, because those are generated automatically if I am not mistaken.

Please have a CLOSER look to your /etc/nginx/nginx.conf:

...
http {
include mime.types;
default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;

#keepalive_timeout 0;
#keepalive_timeout 15;
tcp_nodelay off;
client_body_timeout 12;
client_header_timeout 12;
proxy_connect_timeout 60;
proxy_send_timeout 60;
proxy_read_timeout 60;
send_timeout 10;

open_file_cache max=2048 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;

keepalive_requests 100000;
keepalive_timeout 90;

fastcgi_buffers 8 128k;
fastcgi_buffer_size 256k;

#gzip on;
#gzip_disable "MSIE [1-6]\.(?!.*SV1)";

server_tokens off;

include /etc/nginx/conf.d/*.conf;
}
...

ALL code inside the red marked words/signs is the "http" - section.

Maybe it was because I had to many rules (over 10)? If I see your example and I quote: "($rule_0 = "321")" how would you enter rules above 10?

Plesk provides as well a FREE extension, called "htaccess to nginx - converter" ( => Link to the Plesk Extension catalogue ) , pls. use it, if you are unsure about your manual nginx directive coding(s).

client_body_timeout 12; client_header_timeout 12; proxy_connect_timeout 60; proxy_send_timeout 60; proxy_read_timeout 60;

As NGINX is quite clever, it will always direct you to misconfigurations you made - you could avoid your misconfiguration(s), if you inspect your code a bit better, so that "double" entries never exist.

Now it restarted without issue, but I don't know if everything is working as it should though.

As far that I can see, your initial question is answered and the suggestion works as expected. Consider to open a NEW thread, if you experience OTHER issues/errors/problems with Plesk related products.

 

[HHawk]

I did take a closer look to nginx.conf file and fixed, as I mentioned in my previous post.
Yeah, I noticed nginx is pretty smart and mentioned when there are duplicates.

As far that I can see, your initial question is answered and the suggestion works as expected. Consider to open a NEW thread, if you experience OTHER issues/errors/problems with Plesk related products.

Why should I open another thread about nginx, while this question was about nginx?
I was just wondering if my configuration was good in regards to nginx in general. I made some tweaks for better performance, which I found around on the internet and therefor I was wondering if these were (any) good for usage.

Regards